| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 May 2010 20:58:26 -0700
From: enh <enh@...gle.com>
To: Brian Haley <brian.haley@...com>
Cc: netdev@...r.kernel.org
Subject: Re: linux kernel's IPV6_MULTICAST_HOPS default is 64; should be 1?
On Mon, May 3, 2010 at 19:16, Brian Haley <brian.haley@...com> wrote:
> enh wrote:
>> RFC 3493 (http://tools.ietf.org/rfc/rfc3493.txt) says:
>>
>> IPV6_MULTICAST_HOPS
>>
>> Set the hop limit to use for outgoing multicast packets. (Note
>> a separate option - IPV6_UNICAST_HOPS - is provided to set the
>> hop limit to use for outgoing unicast packets.)
>>
>> The interpretation of the argument is the same as for the
>> IPV6_UNICAST_HOPS option:
>>
>> x < -1: return an error of EINVAL
>> x == -1: use kernel default
>> 0 <= x <= 255: use x
>> x >= 256: return an error of EINVAL
>>
>> If IPV6_MULTICAST_HOPS is not set, the default is 1
>> (same as IPv4 today)
>>
>> Argument type: int
>>
>> but if i create a socket and call getsockopt, i get 64, not 1. this
>> happens both on Android (2.6.32) and on Ubuntu 8.04 (2.6.24).
>
> <snip>
>
>> is this a bug? is this the right place to report it? thanks!
>
> It looks like a bug to me, feel free to send along a patch :)
a grep for IPV6_DEFAULT_MCASTHOPS suggests it isn't used:
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fnext%2Flinux-next.git&a=search&h=HEAD&st=grep&s=IPV6_DEFAULT_MCASTHOPS
i assumed IPV6_DEFAULT_HOPLIMIT (the unicast hop limit) was being used
by accident where IPV6_DEFAULT_MCASTHOPS should be used.
looking at net/ipv6/ipv6_sockglue.c, i see that getsockopt for both
unicast and multicast hop limits defaults to the device's hop_limit:
1109 case IPV6_UNICAST_HOPS:
1110 case IPV6_MULTICAST_HOPS:
1111 {
1112 struct dst_entry *dst;
1113
1114 if (optname == IPV6_UNICAST_HOPS)
1115 val = np->hop_limit;
1116 else
1117 val = np->mcast_hops;
1118
1119 if (val < 0) {
1120 rcu_read_lock();
1121 dst = __sk_dst_get(sk);
1122 if (dst)
1123 val = ip6_dst_hoplimit(dst);
1124 rcu_read_unlock();
1125 }
1126
1127 if (val < 0)
1128 val = sock_net(sk)->ipv6.devconf_all->hop_limit;
1129 break;
1130 }
and look how net/ipv6/af_inet6.c initializes the two fields:
202 np->hop_limit = -1;
203 np->mcast_hops = -1;
so the easiest fix would be to change net/ipv6/af_inet6.c to:
202 np->hop_limit = -1; /* Use the configured device default. */
203 np->mcast_hops = IPV6_DEFAULT_MCASTHOPS; /* Use RFC 3493
default. */
userspace programmers still have the ability to ask for the device's
default by calling setsockopt with the value -1 (as mentioned in the
RFC). in practice, i'd imagine anyone who actually wanted to use that
feature would want a separate tunable from the existing unicast one.
> -Brian
>
>
--
Elliott Hughes - http://who/enh - http://jessies.org/~enh/
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists